Privilege escalation vulnerabilities allow attackers to impersonate
other users, or gain permissions they should not have. These
vulnerabilities occur when code makes access decisions on the back of untrusted
inputs.

Risks

Prevalence

Occasional

Exploitability

Moderate

Impact

Devastating

Many websites hold sensitive data on behalf of their users. If an
attacker can exploit horizontal escalation vulnerabilities to gain access to
another user’s data, you are betraying your users’ trust, which can have
reputational, legal, and financial implications.

If an attacker can exploit vertical escalation vulnerabilities to gain
administrative access, they can interrupt critical functions and possibly
compromise your application.